CVE-2023-5868

PostgreSQL: memory disclosure in aggregate function calls

Published: 12/10/2023 Last updated: 11/20/2025 Reserved: 10/31/2023

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 4.3 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Opam packages affected (5)

conf-mingw-w64-postgresql-i686 conf-mingw-w64-postgresql-x86_64 conf-postgresql ocsigen-start postgresql

Products affected (85)

Product Vendor Version
Red Hat Advanced Cluster Security 4.2 Red Hat < 18.2R2-S7, 18.2R3-S3
RHACS-3.74-RHEL-8 Red Hat SA8155P
Red Hat Advanced Cluster Security 4.2 Red Hat 2008 for 32-bit Systems Service Pack 2 (Core installation)
RHACS-3.74-RHEL-8 Red Hat 6.0.0-6.0.11
RHACS-4.1-RHEL-8 Red Hat <= 10-00-*
RHACS-4.1-RHEL-8 Red Hat SD 8 Gen1 5G
RHACS-3.74-RHEL-8 Red Hat n/a
Red Hat Advanced Cluster Security 4.2 Red Hat QCA6420
RHACS-4.1-RHEL-8 Red Hat SD855
RHACS-4.1-RHEL-8 Red Hat < 10.0.17763.2061
Red Hat Advanced Cluster Security 4.2 Red Hat <= 09-00-*
RHACS-3.74-RHEL-8 Red Hat n/a
RHACS-4.1-RHEL-8 Red Hat R5.04.20 and earlier
RHACS-4.1-RHEL-8 Red Hat <= 4.3.1
RHACS-3.74-RHEL-8 Red Hat SA8195P
Red Hat Advanced Cluster Security 4.2 Red Hat n/a
Red Hat Advanced Cluster Security 4.2 Red Hat n/a
RHACS-3.74-RHEL-8 Red Hat SCALANCE M875 All versions
RHACS-4.1-RHEL-8 Red Hat 6.6.604 and below
RHACS-3.74-RHEL-8 Red Hat R3.09.50 and earlier
Red Hat Advanced Cluster Security 4.2 Red Hat < 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60
RHACS-4.1-RHEL-8 Red Hat < 10.0.25398.1308
RHACS-4.1-RHEL-8 Red Hat < unspecified
RHACS-3.74-RHEL-8 Red Hat 6.2.0-6.2.5
RHACS-3.74-RHEL-8 Red Hat n/a
RHACS-4.1-RHEL-8 Red Hat SD888 5G
Red Hat Advanced Cluster Security 4.2 Red Hat 2008 for Itanium-Based Systems Service Pack 2
Red Hat Advanced Cluster Security 4.2 Red Hat QCA6430
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat SA8145P
Red Hat Enterprise Linux 9 Red Hat <= 10-00-*
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat Android-10
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat PLAT 7.3 (E0504)
Red Hat Enterprise Linux 9 Red Hat SA6155P
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat SA8150P
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat SDA429W
Red Hat Enterprise Linux 8 Red Hat < unspecified
Red Hat Enterprise Linux 8 Red Hat R5.04.20 and earlier
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat See references
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat < 19.2R1-S3, 19.2R2
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat SA6150P
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat < 10.0.19045.5247
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat QCA6574AU
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat 1.0.1
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat QCA6696
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat < 18.4R1-S5, 18.4R2-S2, 18.4R3
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat <= 10-00-*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat QCC5100
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 1.1.10
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat 2008 for x64-based Systems Service Pack 2 (Core installation)
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 1.0.0
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 1.1.9
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat < 19.1R1-S4, 19.1R2
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat SA6145P
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat 1.1.13
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat <= 10-00-*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat <= 8.0.31
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat <= 5.7.43
Red Hat Enterprise Linux 8 Red Hat < 10.0.22621.4602
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat R3.09.50 and earlier
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat 1.2.0.95
Red Hat Enterprise Linux 8 Red Hat < 18.3R1-S7, 18.3R2-S3, 18.3R3
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 2008 for x64-based Systems Service Pack 2
Red Hat Enterprise Linux 9 Red Hat R3.08.70 and earlier
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < 10.0.22631.4602
Red Hat Enterprise Linux 8 Red Hat SW5100
Red Hat Enterprise Linux 9 Red Hat V6.0.10P2T2?V6.0.10P2T5
Red Hat Enterprise Linux 9 Red Hat 1.1
Red Hat Enterprise Linux 8 Red Hat <= 10-00-*
Red Hat Software Collections Red Hat SW5100P
Red Hat Software Collections Red Hat <= 1.4.6.2
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat <= 10-00-*
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Android-10
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat < 10.0.22631.4602
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat <= 1.0.0

References (104)

Credits (2)